Nytro Posted May 8, 2011

Stuxnet Under the Microscope
A detailed analysis from the ESET team.

Aleksandr Matrosov, Senior Virus Researcher
Eugene Rodionov, Rootkit Analyst
David Harley, Senior Research Fellow
Juraj Malcho, Head of Virus Laboratory

Contents
1 INTRODUCTION
1.1 TARGETED ATTACKS
1.2 STUXNET VERSUS AURORA
1.3 STUXNET REVEALED
1.4 STATISTICS ON THE SPREAD OF THE STUXNET WORM
2 MICROSOFT, MALWARE AND THE MEDIA
2.1 SCADA, SIEMENS AND STUXNET
2.2 STUXNET TIMELINE
3 DISTRIBUTION
3.1 THE LNK EXPLOIT
3.1.1 Propagation via External Storage Devices
3.1.2 Metasploit and WebDAV Exploit
3.1.3 What Do DLL Hijacking Flaws and the LNK Exploit have in Common?
3.2 LNK VULNERABILITY IN STUXNET
3.3 THE MS10-061 ATTACK VECTOR
3.4 NETWORK SHARED FOLDERS AND RPC VULNERABILITY (MS08-067)
3.5 0-DAY IN WIN32K.SYS (MS10-073)
3.6 MS10-092: EXPLOITING A 0-DAY IN TASK SCHEDULER
4 STUXNET IMPLEMENTATION
4.1 USER-MODE FUNCTIONALITY
4.1.1 Overview of the main module
4.1.2 Injecting code
4.1.3 Injecting into a current process
4.1.4 Injecting into a new process
4.1.5 Installation
4.1.6 Exported functions
4.1.7 RPC Server
4.1.8 Resources
4.2 KERNEL-MODE FUNCTIONALITY
4.2.1 MRXCLS.sys
4.2.2 MRXNET.sys
4.3 STUXNET BOT CONFIGURATION DATA
4.4 REMOTE COMMUNICATION PROTOCOL
CONCLUSION
APPENDIX A
APPENDIX B
APPENDIX C
APPENDIX D
APPENDIX E

Download:
http://www.eset.com/us/resources/white-papers/Stuxnet_Under_the_Microscope.pdf
mike_vio Posted May 9, 2011

Thanks Nytro, I hope I'll finally understand what the deal is with those .lnk files.